Aug 25 2021

APIs Create New Security Headaches

Category: App SecurityDISC @ 10:52 pm
APIs Create New Security Headaches

How APIs Create Security Risks

The proliferation of APIs that power applications, microservices, containers and serverless functions have created one of the greatest sources of security risk that businesses face today. The reason is simple: It’s not the development team’s responsibility to handle security. At the same time, however, security operations teams don’t have visibility into APIs. Because you can’t protect what you can’t see, Lebin Cheng, head of API security, office of the CTO at Imperva, pointed out three primary ways APIs create security risk for organizations:

  • A legacy application, initially deployed for internal use, is exposed externally using gateways that perform only fundamental authentication and authorization, with inadequate protection against sophisticated data exfiltration attempts. Because APIs are often connected directly to a data source, this can give attackers direct access to sensitive data.
  • Modern applications are increasingly built with outsourced components and/or services. This means that the majority of the application stack isn’t actually owned by the enterprise. What connects all these components is the API, but organizations often lack the visibility to monitor these API calls or the ability to secure the APIs in runtime.
  • The speed of software development is the Achilles’ heel of a security team. Developers need to move quickly and publish lines of code and APIs. However, the traditional approach of penetration testing for vulnerabilities isn’t feasible in today’s modern application workflow because it takes too long to conduct. This is creating a tug-of-war internally between the DevOps and SecOps teams.

“Data exfiltration through a compromised or vulnerable API is the risk organizations need to be most worried about,” said Cheng in an email interview. According to research by Imperva Research Labs, the number of new API vulnerabilities grew at the same time other vulnerabilities decreased; by 2024, it’s predicted that API abuses and related data breaches will nearly double in volume.

Enter the Hackers

API Security in Action

Tags: API security risks

Aug 25 2021

How to Reduce Risk with Runtime Application Self Protection

Category: App Security,Information SecurityDISC @ 1:03 pm
How to Reduce Risk with Runtime Application Self Protection

Instead of waning, cyber attacks continue to rise as the years pass. Several reasons contribute to this phenomenon, despite developing and deploying more robust network and data security platforms. First, the recent spate of disruptive cyberattacks hampering operations of organizations and government agencies proves that cybercriminals are becoming bolder in perpetuating their malicious activities.

These nefarious actors attack small, medium, and large corporations and organizations. Several attacks were publicized. Most of them are high-profile ransomware victims: Kaseya, JBS, SolarWinds, Colonial Pipeline, Acer, AXA, and CAN Financial. Many of them opted to pay the ransom demand not to disrupt operations that can affect thousands of businesses and consumers.

The nagging question is why cyberattacks are happening more often today. First, attackers are getting more sophisticated. Second, many are organized hacking groups, while some are already identified as government-backed hackers. The increase in cyberattacks can be attributed to several reasons, namely:

  • The willingness of many victims to pay the ransom;
  • Increased use of unregulated cryptocurrencies, which are harder to trace;
  • Publication of cyberattacks enticed other hackers to try the activity themselves, taking the publication of the attacks as successes of cybercriminals– this turned into a get-rich-quick scheme;
  • Increasing numbers of people going online, especially amid the pandemic.

Table of Contents

Alice and Bob Learn Application Security

Tags: Runtime Application

Aug 24 2021

Three reasons why ransomware recovery requires packet data

Category: Information Security,RansomwareDISC @ 9:13 am
Three reasons why ransomware recovery requires packet data

Given that, companies also need to carefully consider their ability to respond and recover from a ransomware incident. While the key component of recovery is maintaining and testing backups of critical data, one aspect of recovery that’s often overlooked is having access to the stored packet data from the lead-up and ransomware attack itself.

High-quality packet data is important for ransomware recovery in three critical ways: (a) For determining the timeframe for backup restoration; (b) For creating a record of the attack for incident response (especially for legal and compliance reporting); (c) and for analyzing the attack itself to prevent it from happening again.

How far back should we restore from?

Ransomware Protection Playbook

Tags: Ransomware Protection Playbook, ransomware recovery

Aug 23 2021

This Mouse Gives you Admin on Windows

Category: Windows SecurityDISC @ 1:14 pm
This Mouse Gives you Admin on Windows

Razer gaming mice come with a buggy installer. It starts automatically when you plug in one of Razer’s devices.

The installer runs as SYSTEM. And it lets you start a shell—which also runs as SYSTEM. A classic elevation-of-privilege bug. And one that’s incredibly simple to exploit.

Déjà vu? It’s like PrintNightmare all over again. In today’s SB Blogwatch, we point the fingers of blame.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: A VHS player with a window.

Not This One, That One

What’s the craic? Lawrence Abrams reports—“Become a Windows 10 admin by plugging in a mouse”:

It took us about two minutes”
Razer is a very popular computer peripherals manufacturer known for its gaming mouses and keyboards. When plugging in a Razer device into Windows 10 or Windows 11, the operating system will automatically download and begin installing the Razer Synapse software.

A zero-day vulnerability in the plug-and-play Razer Synapse installation … allows users to gain SYSTEM privileges [which is] the highest user rights available in Windows. … It took us about two minutes to gain SYSTEM privileges in Windows 10 after plugging in our mouse.

Razer has contacted the security researcher to let them know that they will be issuing a fix. … Razer also told the researcher that he would be receiving a bug bounty reward.

O RLY? Surur Davids adds—“All you need to gain admin privileges on Windows 10 is to plug in a Razer mouse”:

This Mouse Gives you Admin on Windows

Mastering Windows Security and Hardening: Secure and protect your Windows environment from intruders, malware attacks, and other cyber threats

Tags: Admin on Windows

Aug 22 2021

Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP

Category: Security vulnerabilitiesDISC @ 2:19 pm
Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP

Google disclosed the details of a Windows ​​AppContainer vulnerability because Microsoft initially had no plans to fix it.

Google Project Zero experts disclosed the details of a Windows ​​AppContainer flaw after Microsoft announced it had no plans to fix it.

The team focused its analysis on Windows Firewall and AppContainer that were designed by Microsoft to limit the attack surface of applications. Bypass network restrictions in AppContainer sandboxes could allow an attacker to access services on localhost, as well as granting access to intranet resources in an enterprise organization.

Google Project Zero researcher James Forshaw discovered an issue in the configuration of Windows Firewall that could allow attackers to bypass restrictions and allowed an AppContainer process to access the network.

“Recently I’ve been delving into the inner workings of the Windows Firewall. This is interesting to me as it’s used to enforce various restrictions such as whether AppContainer sandboxed applications can access the network. Being able to bypass network restrictions in AppContainer sandboxes is interesting as it expands the attack surface available to the application, such as being able to access services on localhost, as well as granting access to intranet resources in an Enterprise.” wrote Forshaw.

“I recently discovered a configuration issue with the Windows Firewall which allowed the restrictions to be bypassed and allowed an AppContainer process to access the network. Unfortunately Microsoft decided it didn’t meet the bar for a security bulletin so it’s marked as WontFix.”

According to Google, Microsoft decided to label the issue as WontFix.

“The default rules for the WFP connect layers permit certain executables to connect TCP sockets in AppContainers without capabilities leading to elevation of privilege.” reads the security advisory published by Microsoft. “Connecting to an external network resource from an AppContainer is enforced through default rules in the WFP. For example, connecting to the internet via IPv4 will process rules in the FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer. This layer can contain rules such as “InternetClient Default Rule” which will match if the caller is in an AC and has the Internet Capability. If a match is made then the connection is allowed. Eventually an AC process will match the “Block Outbound Default Rule” rule if nothing else has which will block any connection attempt.”

Google discloses unpatched Microsoft WFP Default Rules AppContainer Bypass EoP

DevOps and Containers Security

Tags: AppContainer vulnerability, Containers Security, Google, Windows appcontainer

Aug 20 2021

Apple’s iPhone Backdoor

Category: Backdoor,Information Security,Smart PhoneDISC @ 11:43 am
More on Apple’s iPhone Backdoor

More on Apple’s iPhone Backdoor

In this post, I’ll collect links on Apple’s iPhone backdoor for scanning CSAM images. Previous links are here and here.

Apple says that hash collisions in its CSAM detection system were expected, and not a concern. I’m not convinced that this secondary system was originally part of the design, since it wasn’t discussed in the original specification.

Good op-ed from a group of Princeton researchers who developed a similar system:

Our system could be easily repurposed for surveillance and censorship. The design wasn’t restricted to a specific category of content; a service could simply swap in any content-matching database, and the person using that service would be none the wiser.

Practical Mobile Forensics: Forensically investigate and analyze iOS, Android, and Windows 10 devices

Tags: iPhone Backdoor, Mobile Forensics

Aug 20 2021

The warning signs of burnout and how to deal with it

Category: InfoSec jobsDISC @ 9:20 am
The warning signs of burnout and how to deal with it

The consequences of such an action could prove dire for your business, though, so before you let another day of stress go by, read on to learn some warning signs and tips on how to deal with burnout. The goal is to get your team working at maximum capacity without overworking them.

Signs of burnout

Burnout is the word used to describe acute exhaustion when your work becomes overwhelming and too stressful. It can lead to poor performance, absenteeism, or resignations. It is a real problem in many industries, but it’s hugely prevalent in information security because of the long hours and high pressure.

Fortunately, burnout comes with early warning signs that you can spot and address. These include:

  • Anger at colleagues
  • A constant feeling of exhaustion that could manifest in team members getting lost in daydreams or even nodding off at their desk
  • Expressions of hopelessness or being overwhelmed by their responsibilities or current task
  • The team member isolating themselves from others, i.e., avoiding time out with colleagues or social events
  • Unhappiness in the role
  • An inability to stop and take breaks
  • An increase in working hours (coming in early, staying late, skipping lunch, or frequently emailing during out-of-office hours)

If any of your staff shows some of these symptoms, it’s time to act!

Taking steps to head off burnout

Time Off: A Practical Guide to Building Your Rest Ethic and Finding Success Without the Stress

Tags: infosec burnout, infosec career, Rest Ethic

Aug 19 2021

Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes

Category: DDoS,Information SecurityDISC @ 12:51 pm
Great Firewall Ready to Unleash ‘Gigantic’ DDoS—so are Other Middleboxes

Researchers have disclosed a nasty new way for bad people to mess up the internet for the rest of us. They’ve found a fantastically powerful reflective-amplification attack technique that could easily be used for distributed denial of service (DDoS).

You’ll be pleased to know the researchers haven’t wasted their time dreaming up a fancy name or a logo. On the other hand, they’re far from hopeful that the problems can be fixed.

Nation-states would have to fix their firewalls, which ain’t gonna happen. In today’s SB Blogwatch, this is why we can’t have nice things.

Your humble blogwatcher curated these bloggy bits for your entertainment.

‘Infinite’ Amplification Ahoy

What’s the craic? Catalin Cimpanu reports—“Firewalls and middleboxes can be weaponized for gigantic DDoS attacks”:

Weaponizing this attack is relatively simple”
Academics said they discovered a way to abuse the TCP protocol, firewalls, and other network middleboxes to launch giant distributed denial of service (DDoS) attacks. … The research is the first of its kind to describe a method to carry out DDoS reflective amplification attacks via the TCP protocol, previously thought to be unusable for such operations.

Reflective amplification … happens when an attacker sends network packets to a third-party server on the internet, the server processes and creates a much larger response packet, which it then sends to a victim instead of the attacker. … The amplification factor for these TCP-based attacks is also far larger than UDP protocols, making TCP protocol abuse one of the most dangerous forms of … DDoS.

The flaw they found was in the design of middleboxes, which are equipment installed inside large organizations that inspect network traffic. … If the attacker tried to access a forbidden website, then the middlebox would respond with a “block page,” which would typically be much larger than the initial packet—hence an amplification effect. … Weaponizing this attack is relatively simple.

Distributed Denial of Service (DDoS) Attacks: Classification, Attacks, Challenges and Countermeasures

Tags: 800Gbps ransom DDoS, DDoS D/TLS, Gigantic DDoS, Great Firewall

Aug 18 2021

Adopting Zero-Trust for API Security

Category: Access Control,App Security,Zero trustDISC @ 11:56 am
Adopting Zero-Trust for API Security

Why Use Zero-Trust for API Security

Think of APIs as the new network; interconnected in complex ways and with API interactions happening both within and outside  of the organization.

“Public-facing APIs—for example, consumer banking—are usually a key area of focus when it comes to zero-trust,” said Dunne. “This is due to the obvious risk exposure when APIs are documented and made available on the public internet.”

However, the larger risk is found in private and internal APIs, because there is a common assumption that since they aren’t documented or found on a public network, they aren’t exposed.

But as threat actors become more sophisticated in their search for and discovery of private APIs, there is increased risk of the bad guys gaining access to massive amounts of sensitive data. Private APIs need the same layers of protection as public-facing APIs.

“APIs are, by definition, atomic in nature—meaning they can be invoked independently,” explained Setu Kulkarni, vice president, strategy at NTT Application Security in an email interview. “That creates a real challenge for securing these APIs.”

Given that, Kulkarni added, a critical consideration for implementing zero-trust in APIs is to ensure that there is appropriate access control built into the API implementation. Every API function call requires not just authentication but also authorization. Also, adding zero-trust around session validation helps to prevent unintended data leakage.

Integrating Zero-Trust in APIs

API Security in Action

Tags: API Security

Aug 18 2021

Kalay cloud platform flaw exposes millions of IoT devices to hack

Category: IoT SecurityDISC @ 11:36 am
Kalay cloud platform flaw exposes millions of IoT devices to hack

FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks.

Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors.

The flaw could be easily exploited by a remote attacker to take over an IoT device, the only info needed for the attack is the Kalay unique identifier (UID) of the targeted user. The identifier could be obtained via social engineering.

“The vulnerabilities described in this post affect a core component of the Kalay platform. Mandiant was not able to create a comprehensive list of affected devices; however, ThroughTek’s website reports more than 83 million active devices on the Kalay platform at the time of writing this post.” states the report published by Mandiant. “An attacker would require comprehensive knowledge of the Kalay protocol and the ability to generate and send messages. The attacker would also need to obtain Kalay UIDs through social engineering or other vulnerabilities in APIs or services that return Kalay UIDs. From there, an attacker would be able to remotely compromise affected devices that correspond to the obtained UIDs.”

An attacker that has obtained the UID of a targeted device could send a specially crafted request to the Kalay network to register another device with the same UID on the network. Then the Kalay servers will overwrite the existing device. Once the victim will connect the device, his connection will be directed to the attacker that could obtain the credentials used by the victim to access the device.

Most of the devices using the platform are video surveillance products such as IP cameras and baby monitors, an attacker could exploit this flaw to eavesdrop audio and video data.

The attacker could also use RPC (remote procedure call) functionality to completely take over the device.

Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things

Tags: IoT, IoT devices, IoT Hacking, IoT security

Aug 18 2021

The 3 Rs of visibility for any cloud journey

Category: Cloud computing,Information SecurityDISC @ 8:54 am
The 3 Rs of visibility for any cloud journey

While Security Orchestration Automation and Response (SOAR) solutions help automate and structure these activities, the activities themselves require telemetry data that provide the breadcrumbs to help scope, identify and potentially remedy the situation. This takes increasing significance in the cloud for a few reasons:

  • The public cloud shared security model may lead to gaps in the telemetry (e.g., lack of telemetry from the underlying infrastructure that could help correlate breadcrumbs at the infrastructure level to the application level).
  • Lack of consistency in telemetry information as applications increasingly segment into microservices, containers and Platform-as-a-Service, and as various modules come from different sources such as internal development, open source, commercial modules, and outsourced development.
  • Misconfigurations and misunderstandings as control shifts between DevOps, CloudOps and SecOps.
  • All the above coupled with a significant expansion of attack surface area with the decomposition of monolith applications into microservices.

When incidents occur, the ability to quickly size up the scope, impact and root cause of the incident is directly proportional to the availability of quality data, and its ability to be easily queried, analyzed, and dissected. As companies migrate to the cloud, logs have become the de-facto standard of gathering telemetry.

The challenges when relying almost exclusively on logs for telemetry

This book is designed for security and risk assessment professionals, DevOps engineers, penetration testers, cloud security engineers, and cloud software developers who are interested in learning practical approaches to cloud security. It covers practical strategies for assessing the security and privacy of your cloud infrastructure and applications and shows how to make your cloud infrastructure secure to combat threats, attacks, and prevent data breaches. The chapters are designed with a granular framework, starting with the security concepts, followed by hand-on assessment techniques based on real-world studies, and concluding with recommendations including best practices.

FEATURES:

  • Includes practical strategies for assessing the security and privacy of your cloud infrastructure and applications
  • Covers topics such as cloud architecture and security fundamentals, database and storage security, data privacy, security and risk assessments, controls related to continuous monitoring, and more
  • Presents several case studies revealing how threat actors abuse and exploit cloud environments to spread malware

Tags: cloud computing risks, cloud security

Aug 17 2021

How building a world class SOC can alleviate security team burnout

Category: Security Operations CenterDISC @ 11:04 am
How building a world class SOC can alleviate security team burnout 

Recent research indicates that 51 percent of SOC teams feel emotionally overwhelmed by the impossible volume of security alerts they must deal with, with the stress impacting their home lives.

Increasing the maturity of a SOC allows analysts to stop fighting fires and focus on higher value work. With careful planning and the right combination of automation and standardized processes, a mature, effective, and world-class SOC can be established.

The danger of alert overload

The cybersecurity landscape has become increasingly hostile, and teams must deal with an ever-increasing barrage of security alerts. Teams have reported spending nearly a third of their time simply dealing with false positives, and we have long since passed the tipping point where these numbers can be dealt with on a manual basis.

This is exacerbated by the fact that the on-going skills gap means recruiting and retaining a full team of analysts has become an increasingly costly proposition. Few firms can afford large teams, and even an army of analysts will not be able to comfortably tackle hundreds of alerts a day in addition to their other duties.

In addition to the sheer number of alerts they must deal with, SOC teams are hampered by inefficient processes. Many analysts end up using an ad-hoc suite of security solutions cobbled together from different providers and great deal of time can be wasted every day as analysts swap back and forth between different solutions. There is no easy way to compare data from different tools to identify trends and more complex threats. Uniting solutions under a single management system can help to win back lost time and establish a single view of threat data.

How building a world class SOC can alleviate security team burnout 

The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services

This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security services as efficiently and cost-effectively as possible.

Leading security architect Joseph Muniz helps you assess current capabilities, align your SOC to your business, and plan a new SOC or evolve an existing one. He covers people, process, and technology; explores each key service handled by mature SOCs; and offers expert guidance for managing risk, vulnerabilities, and compliance. Throughout, hands-on examples show how advanced red and blue teams execute and defend against real-world exploits using tools like Kali Linux and Ansible. Muniz concludes by previewing the future of SOCs, including Secure Access Service Edge (SASE) cloud technologies and increasingly sophisticated automation.

This guide will be indispensable for everyone responsible for delivering security services―managers and cybersecurity professionals alike.

* Address core business and operational requirements, including sponsorship, management, policies, procedures, workspaces, staffing, and technology
* Identify, recruit, interview, onboard, and grow an outstanding SOC team
* Thoughtfully decide what to outsource and what to insource 
* Collect, centralize, and use both internal data and external threat intelligence
* Quickly and efficiently hunt threats, respond to incidents, and investigate artifacts
* Reduce future risk by improving incident recovery and vulnerability management
* Apply orchestration and automation effectively, without just throwing money at them
* Position yourself today for emerging SOC technologies

Tags: Security Operations Center, SOC

Aug 17 2021

Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Category: Access Control,PowerShell Security,Security Breach,Security patching,Security ToolsDISC @ 8:38 am
Fortinet FortiWeb OS Command Injection allows takeover servers remotely

Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs.

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that could allow an attacker

The vulnerability impacts Fortinet FortiWeb versions 6.3.11 and earlier, an authenticated attacker could exploit the issue to take complete control of servers running vulnerable versions of the FortiWeb WAF.

An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw (i.e. CVE-2020-29015) to allow an unauthenticated attacker to trigger the vulnerability.

The vulnerability was reported by the researcher William Vu from Rapid7.

“An attacker, who is first authenticated to the management interface of the FortiWeb device, can smuggle commands using backticks in the “Name” field of the SAML Server configuration page. These commands are then executed as the root user of the underlying operating system.” reads the post published by Rapid7. “An attacker can leverage this vulnerability to take complete control of the affected device, with the highest possible privileges. “

The flaw could allow an attacker to deploy a persistent shell, install crypto mining software, or other malware families. If the management interface is exposed to the internet, an attacker could trigger the issue to reach into the affected network beyond the DMZ. Rapid7 researchers discovered less than three hundred devices exposing their management interfaces online. Let’s remind that management interfaces for devices like FortiWeb should not be exposed online!

OWASP WEB APPLICATION SECURITY THREATS – MARKET INTEREST TREND : FULL REPORT PACKAGE by [CURIOSITY PUBLISHERS]

Tags: OS Command Injection

Aug 16 2021

Copyright scammers turn to phone numbers instead of web links

Category: Smart Phone,Social networkDISC @ 9:41 am
Copyright scammers turn to phone numbers instead of web links

Copyright scams aren’t new – we’ve written about them many times in recent years.

These scammers often target your Facebook or Instagram account, fraudulently claiming that someone has registered a complaint about content that you’ve posted, such as a photo, and telling you that you need to resolve the issue in order to avoid getting locked out of your account.

The problem with copyright infringement notices is that if they’re genuine, they can’t just be ignored, because social media sites are obliged to try to resolve meaningful copyright complaints when they’re received.

To discourage bogus complaints and reduce harrassment – and if you are a content producer or influencer yourself, with an active blog, video or social media account, you will probably have had many well-meaning but ill-informed complaints in your time – sites such as Facebook, Instagram, Twitter and the like don’t put the complainant directly in touch with you.

The process usually goes something like this:

  • The complainant makes their claim to the service provider concerned. The service provider expects them to give full contact details, in order to discourage anonymous harasssment.
  • If the claim seems to hold water, the service alerts you, without giving your details to the complainant, and invites you to defend or to accept the complaint. (Obviously bogus claims, such as complaints about an images or video content in an article that is all text, shouldn’t go any further.)
  • If the claim is incorrect, you can repudiate it, for example by stating that you took a photo yourself or by showing a licence you acquired for a music clip.
  • If you don’t wish to contest the claim, you are usually expected to remove the allegedly infringing material promptly, and report that you have done so.

In either case, assuming that the service provider considers the case resolved, it’s then closed without the complainant getting to contact you directly, and without you needing to deal directly with the complainant in return.

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: Copyright scammers, Phone scams, Scam Me If You Can

Aug 15 2021

List of mandatory documents required by ISO 45001

Category: hipaa,Information Privacy,Information SecurityDISC @ 5:26 pm

By Luke Irwin

ISO 45001 is the international standard that contains best practices for OH&S (occupational health and safety). Its goal is to reduce injuries and diseases in the workplace, including the promotion and protection of physical and mental health.

It’s an issue that’s more important than ever. In addition to the 2.78 million deaths and 374 million injuries each year from workplace incidents, countless others face mental health issues.

COVID-19 helped put some of those problems into relief, but it’s something organisations must continue to be vigilant about as the pandemic subsides.

In this blog, we look at the mandatory documentation and records you must complete to comply with ISO 45001 – as well as non-mandatory documents that can support your compliance activities.

Mandatory documentation

  • Clause 4.3 Scope of the OH&S management system
  • Clause 5.2 OH&S policy
  • Clause 5.3 Responsibilities and authorities within OH&SMS
  • Clause 6.1.1 OH&S process for addressing risks and opportunities
  • Clause 
    6.1.2.2
     Methodology and criteria for assessment of OH&S risks
  • Clause 6.2.2 OH&S objectives and plans for achieving them
  • Clause 8.2 Emergency preparedness and response process

Mandatory records

  • Clause 6.1.1 OH&S risks and opportunities and actions for addressing them
  • Clause 6.1.3 Legal and other requirements
  • Clause 7.2 Evidence of competence
  • Clause 7.4.1 Evidence of communications
  • Clause 8.2 Plans for responding to potential emergency situations
  • Clause 9.1.1 Results on monitoring, measurements, analysis and performance evaluation
  • Clause 9.1.1 Maintenance, calibration or verification of monitoring equipment
  • Clause 9.1.2 Compliance evaluation results
  • Clause 9.2.2 Internal audit program
  • Clause 9.2.2 Internal audit report
  • Clause 9.3 Results of management review
  • Clause 10.2 Nature of incidents or nonconformities and any subsequent action taken
  • Clause 10.2 Results of any action and corrective action, including their effectiveness
  • Clause 10.3 Evidence of the results of continual improvement

Non-mandatory documents

In addition to mandatory documentation, there are many other parts of ISO 45001 that organisations may find relevant. This includes:

  • Clause 4.1 Procedure for determining context of the organization and interested parties
  • Clause 5.4 Procedure for consultation and participation of workers
  • Clause 6.1.2.1 Procedure for hazard identification and assessment
  • Clause 6.1.3 Procedure for identification of legal requirements
  • Clause 7.4.1 Procedure for communication
  • Clause 7.5 Procedure for document and record control
  • Clause 8.1 Procedure for operational planning and control
  • Clause 8.1.3 Procedure for change management
  • Clause 9.1.1 Procedure for monitoring, measuring and analysis
  • Clause 9.1.2 Procedure for compliance evaluation
  • Clause 9.2 Procedure for internal audit
  • Clause 9.3 Procedure for management review
  • Clause 10.1 Procedure for incident investigation
  • Clause 10.1 Procedure for management of nonconformities and corrective actions
  • Clause 10.3 Procedure for continual improvement

Establishing an OH&S management system

Those looking for more advice tackling occupational health and safety may be interested in Establishing an occupational health & safety management system based on ISO 45001.

This book, written by consultant and trainer Naeem Sadiq, explains how organisations can use ISO 45001’s requirements to create a safer work environment.

You’ll find out the purpose and requirements of each clause in ISO 45001, learn how to build an OH&S management system in a step-by-step approach and receive real-world examples of health and safety issues along with the ideal way to handle that situation.

Purchase your copy

Tags: ISO 45001

Aug 13 2021

3 Metrics to Gauge Cybersecurity Program Health

Category: Metrics,Security MetricsDISC @ 2:44 pm
3 Metrics to Gauge Cybersecurity Program Health

At their core, boards approve the strategic direction of an organization as well as how the organization allocates resources and mitigates risk. Security leaders have to present metrics that align with business objectives to make an impact at the board level. Here’s why many security metrics often fall short of this goal:

  • Metrics such as the number of daily phishing alerts don’t provide context—that is, they don’t inform CISOs if the numbers are good news or bad news. If metrics don’t point to next steps such as changing processes, better configuration of products or identifying opportunities for automation, the path to action is unclear.
  • Metrics often illustrate how tools are being used, not the results they yield and what those actually mean. Metrics based on tools are considered the low-hanging fruit of the security world—they’re easily available, but they don’t help solve problems.
  • Often, organizations don’t address people, processes and technology—three key pillars necessary to construct a big-picture view of how a company’s security model is performing.

While these are metrics to avoid, there’s are different metrics that matter to leadership and are understandable to many more stakeholders—not just the security team. These metrics focus on the effectiveness of resources being deployed (i.e. the security program tools and people) as well as ensuring you have the proper visibility to mitigate risk.

3 Metrics to Gauge Cybersecurity Program Health

More on Security Metrics…

Tags: infosec metrics

Aug 13 2021

Google open-sourced Allstar tool to secure GitHub repositories

Category: App Security,File Security,Security ToolsDISC @ 10:02 am
Google open-sourced Allstar tool to secure GitHub repositories

Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations.

Google has open-sourced the Allstar tool that can be used to secure GitHub projects by enforcing a set of security policies to prevent misconfiguration.

“Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to be able to continuously monitor and detect any GitHub setting or repository file contents that may be risky or do not follow security best practices.” reads the project description. “If Allstar finds a repository to be out of compliance, it will take an action such as create an issue or restore security settings.”

Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information

Tags: Open source

Aug 13 2021

3 Ways To Avoid Internet Hacking Incidents With Sports Related Ventures

Category: Hacking,Security IncidentDISC @ 9:49 am
3 Ways To Avoid Internet Hacking Incidents With Sports Related Ventures

Nowadays just as one cannot take enough safety measures when leaving their house of work to avoid running into problems and tribulations along the way, the exact same measures are to be taken into consideration when strolling around the wonderful world of the internet. It can be argued that the internet stands right up there as being one of the most important tools that recent technology has offered mankind to make lives easier. You can look for information, shop, wager on sporting events like pro football games through sites that focus on NFL predictions for games amongst other services and many other activities.

The internet has become the perfect tool for anyone and everyone to find absolutely everything they may want, need or anything in between, it’s become a staple of commodity and leisure, but it can also be a very dangerous tool if not handled properly. This tech tool has especially garnered fame and recognition amongst sports fans who flock to it in order to find all items related to their favorite teams, athletes and sports, but rest assured, one wrong move and dire consequences could be on the way

 Today though, let’s focus on one of sports fans’ favorite online activities, online sports betting and how to prevent hacking incidents from happening.

Table of Contents

Incident Response & Computer Forensics

Tags: NBA, NFL, Sports Related Ventures

Aug 12 2021

Ransomware and cyber insurance: What are the risks?

Category: Cyber Insurance,RansomwareDISC @ 4:12 pm
Ransomware and cyber insurance: What are the risks?

For these and other reasons, organizations are increasingly opting for cyber insurance coverage and paying higher premiums year after year. According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%.

Given the clear financial stakes, it is time security leaders understand the risks before adding cyber insurance to their strategy for ransomware prevention and recovery.

Successful breaches breed more attacks

Ransomware typically enters a company via a phishing attack or a compromise of a vulnerable system deployed on a network’s perimeter. From there, the infection proliferates via exploits or open shares, encrypting important data as it jumps from machine to machine, after which cyber criminals withhold the encryption key and threaten to publish sensitive data unless a ransom is paid.

The attackers, many of whom are part of sophisticated and organized groups, often provide a step-by-step guide for the targeted company to transfer ransoms in cryptocurrency, sometimes in the hundreds of thousands or millions of dollars. Sadly, when faced with costly downtime and/or the downstream effects of having sensitive data made public, many companies end up complying with the attackers’ demands. Paying the ransom, in turn, incentivizes more attacks, perpetuating the cycle of crime.

It’s important to note that cybersecurity insurance is also incentivizing attacks rather than serving as protection for the rarest of breaches. While U.S. law enforcement has typically urged companies not to pay the ransom, it has yet to decide to ban such payments altogether (though the US Department of the Treasury’s Office of Foreign Assets Control regulations prohibit U.S. companies from paying up if they suspect the attackers of being under its cyber-related sanctions program).

Tags: Ransomware and cyber insurance

Aug 12 2021

Trend Micro warns customers of zero-day attacks against its products

Category: Zero dayDISC @ 2:47 pm
Trend Micro warns customers of zero-day attacks against its products

Security firms Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products.

On July 28, Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One and Apex One as a Service products. The security firm also reported that attackers are already exploits at least two of the flaws (CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742) in attacks in the wild.

The vulnerabilities affect the Trend Micro Apex One (On Premise) and Apex One as a Service (SaaS) on Windows.

“Trend Micro has observed an active attempt of exploitation against two of these vulnerabilities (chained) in-the-wild (ITW) in a very limited number of instances, and we have been in contact with these customers already. All customers are strongly encouraged to update to the latest versions as soon as possible.” reads the advisory.

The company did not share info about the attacks in the wild that exploited the above vulnerabilities.

In April, the security firm revealed that attackers were actively exploiting a vulnerability, tracked as 

CVE-2020-24557
, in its antivirus solutions to gain admin rights on Windows systems.

The 

CVE-2020-24557
 vulnerability affects the Apex One and OfficeScan XG enterprise security products. 

Zero Days - Featurette - YouTube

Tags: Trend Micro, zero-day

« Previous PageNext Page »